I've refactored the offending code branch and added some comments so
hopefully the intent is a bit clearer. The loop termination conditions
are now obviously independent of the content on the wire (they were
meant to be before, but I admit it was obscure). I've tried using the
ephemeral memory routines.
Add a check for a maximum fragment count, and bail out of reassembly instead
of triggering an ep_alloc exception. Add Julian to AUTHORS. Update the
release notes.
svn path=/trunk/; revision=21007
Attached is a wireshark patch that adds support for decoding DHCP option 125
and the DHCP option 125 suboptions defined by the DSL Forum's TR-111
specification.
svn path=/trunk/; revision=20783
sminmpec_values array is marked as just "export" instead of "WS_VAR_IMPORT" in
epan/sminmpec.h. This prevents its using in Windows builds of plugins directly.
svn path=/trunk/; revision=20720
Wed, Jan 31, 2007 at 7:24 PM
To: wireshark-dev@wireshark.org
Hello,
Please consider for checkin the following new dissectors, for the FMP protocol.
FMP (File Mapping Protocol) is the network protocol basis for EMC's HighRoad (MPFS) technology. Highroad is used to allow multiple clients to share access to NAS-shared files while allowing clients to directly access data volumes (via, for example, Fibre Channel or iSCSI). EMC currently uses this technology in our Celerra NAS servers, and we're currently in the process of open sourcing portions of the technology.
FMP actually consists of two ONC/RPC-based protocols - the core FMP protocol, and FMP/Notify. The latter is used as an asynchronous callback to inform clients of status changes, such as lock revocation.
We'd like to offer these dissectors to Wireshark users for help in debugging or otherwise troubleshooting MPFS-related problems. There are still a few minor changes that need to be made ( i.e. a handful of fields that aren't decoded) but the dissector is overall fairly complete and very usable.
Let me know if there are questions or feedback, or otherwise if other info is needed (like sample captures, which I don't want to send out to the mailing list).
Thanks,
Ian Schorr
EMC Corporation
svn path=/trunk/; revision=20679
1 Add ALCAP and NBAP as subdissectors of SSCOP. Previously it only
knows about SSCF-NNI and data. (Changes in packet-sscop.c,
packet-sscop.h)
2 Add capability for lower layer to force SSCOP to choose a particular
dissector. It is passed as "subdissector" field of SSCOP protocol
data. This is required because different payload protocol is
distinguished by different VPI/VCI. There is no protocol field inside
SSCOP frame. (Changes in packet-sscop.c, packet-sscop.h)
3 Make K12xx configuration file supporting the following syntax:
C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk sscop:alcap
This says dissect with SSCOP first and then pass to ALCAP.
The change is made general, so it supports arbitrary number of
protocol, like "proto1:proto2:proto3". Using ":" as separator
allow us to expand the syntax further to support parameters like
"proto1 param1:proto2 param2 param3". (Changes in packet-k12.c)
With above 3 changes together, dissecting Iub traces are correct for
control and signaling planes. I am still investigating user plane
frames because writing UMTS RLC/MAC protocol dissector is required.
The patch and sample .rf file (same as my previous patch) is in the
attachment.
plus:
Add Kriang to the AUTHORS list (and once at it upate my own record)
svn path=/trunk/; revision=20580
There was a change in Corrigendum 1 (03/2004) to H.248.1 which allows an
empty {} to be omitted from the Signal Descriptor. Currently (SVN 20346)
this causes Wireshark to report [Packet size limited during capture] as
shown in the attached example outputs.
I have attached a possible patch to solve this.
svn path=/trunk/; revision=20360
The attached patch changes the way the ssl-session-id is displayed.
Currently it is not shown, only the length is shown like this:
Session ID Length: 32
Session ID (32 bytes)
To me, it is not useful to repeat the length and omit the ID itself.
With this patch the ssl-session-id is shown like this:
Session ID Length: 32
Session ID: A4B2FB0EE6D8F58DEFF68E38B1E5B4C25F1869D4BC86A96E...
svn path=/trunk/; revision=20212
a little patch against revision 20088 in packet-isis-lsp.c for the
following :
- hf_isis_lsp_remaining_life declared but unused
- replacing a proto_tree_add_uint useless with proto_tree_add_item
svn path=/trunk/; revision=20148
I have added a new dissector for DMP (STANAG 4406 Direct Message
Profile) as defined in STANAG 4406 Annex E. The DMP protocol has no
assigned UDP port number yet, so the default value in this dissector
is 0 (I suppose this is som sort of "disabled"?) until we get this
registered.
The dissector has been tested on OSX Intel/PowerPC and Solaris SPARC.
Changes in this patch:
* Added DMP dissector
* Added a new CRC table and functions in crc16.c
* Made NonDeliveryReasonCode and NonDeliveryDiagnosticCode available
from X.411
* Made NonReceiptReasonField and DiscardReasonField available from X.420
svn path=/trunk/; revision=20133
I defined a range_string struct. It's like value_string
but stores range <-> string pairs.
Moreover I wrote rval_to_str(), match_strrval_idx()
match_strrval() which are behaving exactly as
val_to_str(), match_strval_idx() and match_strval().
svn path=/trunk/; revision=20061
support.
WEP key preferences have been overloaded to allow WPA keys. The
decryption code currently uses Windows-specific data types, but can be
converted to use glib equivalents.
Add a few text and whitespace fixups.
svn path=/trunk/; revision=20049
by myself:
Corrected patch; epan/column.c and epan/column_utils.c were not included. This
one has now been properly tested against a clean checkout of today's code.
- New menu option available under view\time display format
- New sub-option (e) to -t switch for both wireshark and tshark
- Extended recent settings code to handle new value
- Did NOT add new explicit epoch time column
svn path=/trunk/; revision=20040
This patch fixes a transposition of the orders of
Set Attribute Number
Set Attribute Length
In the page oriented get and set attributes CDB parameters format
Ref SCSI-OSD T10/1355-D Revision 10 section 5.2.2.2
svn path=/trunk/; revision=19460
I have figured out one of the fields in the MAPI
EcRRegisterPushNotification packet. The field is a UDP port number that
the client wants the Exchange server to send new mail notifications on.
These notifications are on a port > 1023 and are always 8 bytes long.
It looks like I would add the function name to the
dcerpc_mapi_dissectors[] for the register push notification. What would
my new function need to do besides display the field?
Thanks,
Steve
Here is a patch to add this functionality. It displays the notification
port and the notification payload (not sure what the payload itself
means yet). It also dynamically registers each notification port found
with a new dissector (that I called newmail for lack of a better name -
I'm open to suggestions) that displays the notification payload. This
is all undocumented by Microsoft in their usual fashion.
I also changed the code to always display the mapi.opnum field;
currently, the mapi.opnum is only displayed when the
dcerpc_mapi_dissector is null.
Steve
svn path=/trunk/; revision=19350
This patch adds support for dissecting ontap's nfsv4 filehandle,
as well as some updates to nfsv3 filehandle as well in the nfs
dissector.
Alex.
checked in with minor changes
svn path=/trunk/; revision=19345
Hi folks,
We think we've found a bug in STANAG 5066 SIS layer dissector.
Problem is at S_EXPEDITED_UNIDATA_INDICATION S_Prim's parser
and occurs when we receive a U_PDU via expedited unidata channel.
Dissector tries to parse first 2 bytes of U_PDU as a header size of type
21 s_prim (S_UNIDATA_INDICATION). But, this is not an wanted process on
that parser. Maybe, it was forgotten unchanged from
S_UNIDATA_INDICATION dissector while copying it. So it shows
data (U_PDU) 2 bytes short. Moreover, if data is just 1-byte, TCP datagrams
receive TCP checksum error.
Confirmed.
It was indeed a "copy-paste-did not edit correctly" bug.
While going over the code once more, I found:
1 - One bug in the heuristic. (Changed '&&' to '||')
2 - One to-do that was already done. (Removed the /* TODO */)
3 - One to-do that is now done. ;-)
svn path=/trunk/; revision=19210
Also, there is still an outstanding issue regarding the default use of
the "media" dissector. The way it is currently coded there is no way to
have a heuristic decoder when a content-type header is specified.
In this way if there is a decoder for a specific content-type then it
will be used, then the heuristic decoders have a chance, and finally the
default of either the media-type decoder of the http_payload decoder.
svn path=/trunk/; revision=19208
New protocol: epl v1
Hi,
in addition to the recently submitted dissector for the EPL v2 protocol,
this is the dissector for the first version of the EPL protocol.
Best Regards,
David
svn path=/trunk/; revision=19125
new protocol: veritas low latency transport
---
Attached is a patch file that adds a new dissector for the LLT protocol
(Veritas Low Level Transport, used for server clustering). They use
ethertype 0xCAFE even though it isn't assigned to them :(. There are
other fields and possibly other message types directly between servers
it does not yet dissect as no one outside of Veritas knows what they
are. This dissector understands the one people will run across most -
multiple servers broadcasting these heartbeats all over the place. I
figured out these fields through many Internet searches.
I will add the protocol to the Wiki after it is committed.
Thanks,
Steve
svn path=/trunk/; revision=18944
I have developed a plugin for Pro-MPEG FEC packets over RTP (see
previous posts on ethereal-dev). I have added a page and example capture
file to the Wiki (http://wiki.wireshark.org/2dParityFEC). The source and
Windows makefile for the plugin are attached. Unfortunately I do not
have access to other systems so this plugin has been tested on Windows
only.
The attached version of my plug-in has only had the copyright header
added.
I will translate this into a proper dissector rather than a plug-in as
requested, but this may take a little time as I have a lot of other
things
to do at the moment.
Me:
Convert into a normal dissector
Reorder / reformat code a bit
Added Marks name to the top of the file.
svn path=/trunk/; revision=18908
Hi,
The attached file should fix the following two bugs in the AJP dissector.
1) The dissector doesn't know about CPING/CPONG
2) The dissector misinterprets multiple requests in one connection if a
prior request has a Body request part.
svn path=/trunk/; revision=18780
Ronnie Sahlberg